Re: Scripting attacks [was Next step for draft-ietf-6man-rfc6874bis]

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 05 July 2022 00:11 UTC

Message-ID: <edc17d00-83c7-25df-d125-14c8f15da172@gmail.com>
Date: Tue, 05 Jul 2022 12:11:40 +1200
Subject: Re: Scripting attacks [was Next step for draft-ietf-6man-rfc6874bis]
Content-Language: en-US
To: Carsten Bormann <cabo@tzi.org>
Cc: Stuart Cheshire <cheshire@apple.com>, 6man <ipv6@ietf.org>, Ted Lemon <mellon@fugue.com>
References: <164938402532.17740.11717866110301931501@ietfa.amsl.com> <b1780128-2069-b32e-7ca5-86977c119f0c@gmail.com> <11d4e419-11a9-8768-abf2-1335e5f1c3d8@gmail.com> <149924f9-da30-fa79-0509-c01c439d1796@gmail.com> <5BEFA97B-CF09-44D7-8C10-017FEAE4C3A8@tiesel.net> <e6ff75e7-b6c6-ea03-2e10-b1ad95d650f0@gmail.com> <98D15BD9-A631-4D09-AE9E-9D4C750714C9@tiesel.net> <95c82ad3-2138-ab2a-7ba5-57ad80472964@gmail.com> <E5C368C5-9DAE-4C61-ADDE-B881EA11EDA0@tiesel.net> <6968ca7b-dac3-b192-41ed-a193adab7eb4@gmail.com> <529B863C-BCC9-40C1-A5B8-B0598E7DF17C@tzi.org> <bf8c5c54-d548-a40a-0381-0583ef946f26@gmail.com> <CAPt1N1=4wbqrrzvwdr4FD7awa6pkyffhwRZC3zAWLs7uzY3BJQ@mail.gmail.com> <86509E47-77CE-4210-A1B7-C1E9955D9672@tzi.org>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <86509E47-77CE-4210-A1B7-C1E9955D9672@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/-TLXQdp2J4zrSsClEpvxWoEe-HQ>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>

On 30-Jun-22 12:06, Carsten Bormann wrote:
> On 30. Jun 2022, at 02:03, Ted Lemon <mellon@fugue.com> wrote:
>>
>> Of course, many browsers will, at this point, notify the user that "a tab is consuming a lot of power".
> 
> But are even 1000 parallel threads, each mostly waiting for 3500 ms, consuming a lot of power?

I couldn't leave it alone, so I learnt a bit more JavaScript and figured out how to launch an arbitrary number of threads in parallel (which is surprisingly easy, but stopping them once launched is harder). A few hundred in parallel doesn't even heat the CPU enough for the fan to come on. At around a million, the fan is going like crazy and Firefox is clearly going to fill memory soon, and in fact cannot even shut down the tab where the threads are running. In any case, as Carsten pointed out, because of the need for a timeout, parallelism makes a big difference.

The sweet spot seems to be about several thousand threads, which is impressive. I estimate from my observations that a carefully designed script could scan about 1000 addresses per second, without alarming the user that something was going on. That would amount to 585 million years to scan a 64 bit space, *but* only 4.6 hours to scan a 24 bit space. (All based on my very ordinary Windows laptop and home network.)

That's interesting, because it means that there is no realistic risk if using a random 64 bit interface identifier, but a real exposure if using a Modified EUI, since many of the bits are guessable, as discussed in RFC 7707. The numbers above are clearly specific to a particular scenario, but we will mention this point in the draft (update coming very soon).

Regards
     Brian
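Added here as a defender's illustration of the point above (this is not code from the post or from the draft): a small Python audit that flags addresses whose interface identifier is a Modified EUI-64 (the RFC 7707 guessable case, where only the 24-bit device part remains to search once the vendor OUI is known) and converts the estimated 1000 addresses/second scan rate into expected brute-force time. The sample addresses are constructed, and the 24-bit figure assumes the OUI is already known.

```python
import ipaddress

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def iid_search_bits(addr: str) -> int:
    """Bits an attacker must brute-force to find this host's IID.

    A Modified EUI-64 IID (RFC 4291) embeds a MAC: bytes 3-4 of the IID
    are 0xff 0xfe and the u/l bit (bit 0x02 of the first byte) is set
    for a universally administered MAC. Following RFC 7707, we assume the
    24-bit OUI is known, leaving 24 bits to search. Anything else is
    treated as a random 64-bit IID (e.g. RFC 7217 or RFC 8981 addresses).
    """
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    b = iid.to_bytes(8, "big")
    if b[3] == 0xFF and b[4] == 0xFE and (b[0] & 0x02):
        return 24
    return 64


def scan_time_seconds(bits: int, rate: float = 1000.0) -> float:
    """Worst-case time to enumerate a 2**bits space at `rate` addr/s."""
    return (2 ** bits) / rate


def audit(addrs, rate: float = 1000.0):
    """Return one record per address with its effective search space and
    the worst-case scan time in hours and years at the given rate."""
    report = []
    for a in addrs:
        bits = iid_search_bits(a)
        secs = scan_time_seconds(bits, rate)
        report.append({
            "addr": a,
            "search_bits": bits,
            "hours": secs / 3600,
            "years": secs / SECONDS_PER_YEAR,
            "guessable": bits < 64,
        })
    return report


# Constructed sample: one EUI-64-derived IID, one random-looking IID.
SAMPLE = ["2001:db8::1234:56ff:fe78:9abc", "2001:db8::a1b2:c3d4:e5f6:789"]

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(f"{r['addr']:32} bits={r['search_bits']:2} "
              f"hours={r['hours']:.1f} years={r['years']:.3g} "
              f"guessable={r['guessable']}")
```

Any address flagged `guessable=True` is a candidate for switching to RFC 7217 stable-privacy or RFC 8981 temporary identifiers.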